Tag: risk-assessment

CASB buyer’s guide: What to know about cloud access security brokers before you buy

Dec 17, 2025 9:19 AM

Tags: access, ai, antivirus, api, authentication, business, chatgpt, cisco, cloud, compliance, control, corporate, data, detection, email, encryption, endpoint, firewall, framework, gartner, google, guide, identity, india, infection, infrastructure, intelligence, Internet, leak, login, malicious, malware, marketplace, microsoft, mobile, monitoring, network, office, phone, privacy, programming, ransomware, regulation, risk, risk-assessment, saas, service, software, strategy, technology, threat, tool, unauthorized, vpn, zero-day, zero-trust

cloud access security broker (CASB) enterprise buyer’s guide today! ] In this buyer’s guide: Cloud access security brokers (CASBs) explainedWhy enterprises need cloud access security brokers (CASBs)What to look for in a cloud access security broker (CASB) toolCore cloud access security broker (CASB) servicesLeading cloud access security broker (CASB) vendorsWhat to ask before cloud access…
CASB buyer’s guide: What to know about cloud access security brokers before you buy

Dec 17, 2025 9:19 AM

Tags: access, ai, antivirus, api, authentication, business, chatgpt, cisco, cloud, compliance, control, corporate, data, detection, email, encryption, endpoint, firewall, framework, gartner, google, guide, identity, india, infection, infrastructure, intelligence, Internet, leak, login, malicious, malware, marketplace, microsoft, mobile, monitoring, network, office, phone, privacy, programming, ransomware, regulation, risk, risk-assessment, saas, service, software, strategy, technology, threat, tool, unauthorized, vpn, zero-day, zero-trust

cloud access security broker (CASB) enterprise buyer’s guide today! ] In this buyer’s guide: Cloud access security brokers (CASBs) explainedWhy enterprises need cloud access security brokers (CASBs)What to look for in a cloud access security broker (CASB) toolCore cloud access security broker (CASB) servicesLeading cloud access security broker (CASB) vendorsWhat to ask before cloud access…
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis

Dec 15, 2025 3:19 PM

Tags: breach, business, cisa, ciso, corporate, cybersecurity, finance, framework, government, incident response, infrastructure, intelligence, international, jobs, malware, mitigation, regulation, resilience, risk, risk-assessment, service, strategy, supply-chain, technology, threat, training, usa

This is a workforce problem, not a vendor problem: The new regulations require all 3,000 MTSA facilities to designate a cybersecurity officer (why the Coast Guard named them CySOs and couldn’t just call them CISOs, I do not know). Finding hundreds of qualified people who understand both operational technology in maritime environments and cybersecurity is…
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis

Dec 15, 2025 3:19 PM

Tags: breach, business, cisa, ciso, corporate, cybersecurity, finance, framework, government, incident response, infrastructure, intelligence, international, jobs, malware, mitigation, regulation, resilience, risk, risk-assessment, service, strategy, supply-chain, technology, threat, training, usa

This is a workforce problem, not a vendor problem: The new regulations require all 3,000 MTSA facilities to designate a cybersecurity officer (why the Coast Guard named them CySOs and couldn’t just call them CISOs, I do not know). Finding hundreds of qualified people who understand both operational technology in maritime environments and cybersecurity is…
Key cybersecurity takeaways from the 2026 NDAA

Dec 10, 2025 8:32 AM

Tags: access, ai, attack, awareness, best-practice, control, cyber, cybersecurity, data, defense, framework, governance, government, group, guide, infrastructure, injection, intelligence, international, malicious, military, ml, mobile, monitoring, network, nist, privacy, resilience, risk, risk-assessment, service, spyware, supply-chain, theft, threat, tool, training, unauthorized, vulnerability

AI and machine learning security and procurement requirements: Recognizing that AI now underpins everything from battlefield planning to intelligence analysis, the bill introduces sweeping requirements to safeguard these systems from emerging digital threats.The NDAA spells out a spate of policy and procurement practices that the military should meet regarding artificial intelligence and machine learning (ML).…
Key cybersecurity takeaways from the 2026 NDAA

Dec 10, 2025 8:32 AM

Tags: access, ai, attack, awareness, best-practice, control, cyber, cybersecurity, data, defense, framework, governance, government, group, guide, infrastructure, injection, intelligence, international, malicious, military, ml, mobile, monitoring, network, nist, privacy, resilience, risk, risk-assessment, service, spyware, supply-chain, theft, threat, tool, training, unauthorized, vulnerability

AI and machine learning security and procurement requirements: Recognizing that AI now underpins everything from battlefield planning to intelligence analysis, the bill introduces sweeping requirements to safeguard these systems from emerging digital threats.The NDAA spells out a spate of policy and procurement practices that the military should meet regarding artificial intelligence and machine learning (ML).…
Hardening browser security with zero-trust controls

Dec 5, 2025 6:32 PM

Tags: access, api, authentication, automation, browser, chrome, cisa, cloud, compliance, container, control, corporate, credentials, crowdstrike, data, data-breach, detection, edr, email, encryption, endpoint, exploit, fido, finance, framework, google, governance, group, Hardware, identity, kubernetes, least-privilege, login, malicious, malware, mfa, microsoft, network, nist, okta, passkey, password, phishing, phone, risk, risk-assessment, sap, service, soar, theft, threat, tool, update, wifi, windows, zero-trust

1. Identity-first access control Network proximity is now an inferior trust signal. Only federated, cryptographically verifiable identity tokens issued by centralized enterprise IdPs using OIDC or SAML are permitted as gates to corporate resources. This transition, well-documented by FIDO Alliance and Microsoft research, transfers the very concept of “inside” the organization from the network to…
From feeds to flows: Using a unified linkage model to operationalize threat intelligence

Dec 4, 2025 6:32 PM

Tags: access, api, attack, authentication, automation, business, ciso, cloud, compliance, container, control, corporate, credentials, cyber, cybersecurity, data, defense, exploit, finance, firewall, framework, github, government, iam, identity, infrastructure, intelligence, ISO-27001, malicious, metric, mitre, monitoring, network, nist, open-source, phishing, risk, risk-assessment, risk-management, saas, service, siem, soc, software, supply-chain, tactics, threat, tool, update, vulnerability, zero-trust

what to watch for, but not why it matters or how it moves through your environment.The result is a paradox of abundance: CISOs have more data than ever before, but less operational clarity. Analysts are overwhelmed by indicators disconnected from context or mission relevance.Each feed represents a snapshot of a potential threat, but it does…
Empathetic policy engineering: The secret to better security behavior and awareness

Nov 28, 2025 8:49 AM

Tags: awareness, business, ciso, cyberattack, cybersecurity, data, framework, group, phishing, regulation, risk, risk-assessment, strategy, threat, training

In many companies, IT security guidelines encounter resistance because employees perceive them as obstructive or impractical. This makes implementation difficult, undermines effectiveness, and strains collaboration between the security department and business units.As a result, instead of being seen as a partner, cybersecurity is often perceived as a hindrance, a fatal security risk. For CISOs, this…
Empathetic policy engineering: The secret to better security behavior and awareness

Nov 28, 2025 8:49 AM

Tags: awareness, business, ciso, cyberattack, cybersecurity, data, framework, group, phishing, regulation, risk, risk-assessment, strategy, threat, training

In many companies, IT security guidelines encounter resistance because employees perceive them as obstructive or impractical. This makes implementation difficult, undermines effectiveness, and strains collaboration between the security department and business units.As a result, instead of being seen as a partner, cybersecurity is often perceived as a hindrance, a fatal security risk. For CISOs, this…
CSPM buyer’s guide: How to choose the best cloud security posture management tools

Nov 27, 2025 8:49 AM

Tags: access, ai, api, automation, awareness, best-practice, breach, business, cloud, compliance, container, control, crowdstrike, cybercrime, data, data-breach, defense, detection, exploit, framework, google, governance, group, guide, infrastructure, intelligence, kubernetes, leak, LLM, microsoft, monitoring, network, programming, risk, risk-assessment, saas, service, software, strategy, threat, tool, training, unauthorized, vulnerability

cloud security posture management (CSPM) enterprise buyer’s guide today! ] In this buyer’s guide Cloud security posture management (CSPM) explainedWhat to look for in cloud security posture management (CSPM) toolsLeading vendors for cloud security posture management (CSPM)What to ask your cloud security posture management (CSPM) providerEssential readingThat’s where CSPM tools can help. These tools continuously…
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework

Nov 21, 2025 7:49 PM

Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windows

Cyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework

Nov 21, 2025 7:49 PM

Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windows

Cyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
API Security Essentials: A Comprehensive Checklist for Securing your API FireTail Blog

Nov 20, 2025 1:46 AM

Tags: access, api, attack, authentication, breach, control, cyber, data, data-breach, defense, encryption, exploit, hacker, injection, malicious, network, open-source, penetration-testing, risk, risk-assessment, service, sql, threat, tool, unauthorized, vulnerability

Nov 19, 2025 – Alan Fagan – 1. Validating User Input One of the cornerstones of API security is to validate user input. Failing to do so accurately can lead to a security issues such as injection attacks and Cross-Site Scripting. When users send data to your API, no matter the type, it should be…
Tenable Cloud Vulnerability Management: Reducing Vulnerability Risk in the Cloud Era

Nov 18, 2025 8:50 PM

Tags: access, ai, api, attack, ciso, cloud, compliance, container, data, exploit, flaw, google, identity, infrastructure, intelligence, oracle, privacy, risk, risk-assessment, service, software, technology, threat, training, vulnerability, vulnerability-management

Tenable has launched Tenable Cloud Vulnerability Management, a powerful new offering within Tenable One, to help vulnerability management leaders identify, prioritize, and remediate exposures across multi-cloud and hybrid environments. Key takeaways Agentless inventory and visibility: Achieve complete asset inventory and coverage across all existing virtual machines, virtual machine images and container images in AWS, Azure,…
Tenable Cloud Vulnerability Management: Reducing Vulnerability Risk in the Cloud Era

Nov 18, 2025 8:50 PM

Tags: access, ai, api, attack, ciso, cloud, compliance, container, data, exploit, flaw, google, identity, infrastructure, intelligence, oracle, privacy, risk, risk-assessment, service, software, technology, threat, training, vulnerability, vulnerability-management

Tenable has launched Tenable Cloud Vulnerability Management, a powerful new offering within Tenable One, to help vulnerability management leaders identify, prioritize, and remediate exposures across multi-cloud and hybrid environments. Key takeaways Agentless inventory and visibility: Achieve complete asset inventory and coverage across all existing virtual machines, virtual machine images and container images in AWS, Azure,…
5 key ways attack surface management will evolve in 2026

Nov 17, 2025 5:49 PM

Tags: access, ai, api, attack, authentication, business, ceo, cloud, control, cyber, cybercrime, cybersecurity, data, deep-fake, defense, email, firewall, identity, incident, infrastructure, intelligence, iot, malicious, network, phishing, risk, risk-assessment, risk-management, service, social-engineering, software, supply-chain, threat, tool, vulnerability, vulnerability-management, zero-trust

The rise of IoT, which has added significantly more devices to networksThe increasing use of APIs and interconnected microservicesThe shift to remote work, which requires incorporating devices and connections from the homeThe seemingly uncontrollable inflation of shadow ITThe move to decentralized infrastructure management and cloud services, which has made the entire IT ecosystem more complicated…
How Rapid AI Adoption Is Creating an Exposure Gap

Nov 13, 2025 5:49 PM

Tags: access, ai, attack, best-practice, breach, business, cloud, compliance, control, cybersecurity, data, data-breach, defense, encryption, exploit, framework, identity, nist, risk, risk-assessment, risk-management, service, strategy, threat, tool, vulnerability

As organizations rush to deploy AI, enterprise defenses are struggling to keep up. This blog explores the emerging AI exposure gap, the widening divide between innovation and protection, and what security leaders can do to close it. Key takeaways: The AI exposure gap is widening as most organizations adopt AI faster than they can secure…
Why Organizations Can’t Ignore Vendor Risk Assessment in Today’s Cyber-Threat Landscape

Nov 10, 2025 6:19 PM

Tags: cyber, cybersecurity, network, risk, risk-assessment, threat

In an era where digital ecosystems extend far beyond a company’s internal network, enterprise cybersecurity is no longer… First seen on hackread.com Jump to article: hackread.com/organizations-vendor-risk-assessment-cyber-threat-landscape/
VulnRisk: Open-source vulnerability risk assessment platform

Nov 5, 2025 7:19 AM

Tags: cvss, open-source, risk, risk-assessment, vulnerability

VulnRisk is an open-source platform for vulnerability risk assessment. It goes beyond basic CVSS scoring by adding context-aware analysis that reduces noise and highlights … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/05/vulnrisk-open-source-vulnerability-risk-assessment-platform/
VulnRisk: Open-source vulnerability risk assessment platform

Nov 5, 2025 7:19 AM

Tags: cvss, open-source, risk, risk-assessment, vulnerability

VulnRisk is an open-source platform for vulnerability risk assessment. It goes beyond basic CVSS scoring by adding context-aware analysis that reduces noise and highlights … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/05/vulnrisk-open-source-vulnerability-risk-assessment-platform/
VulnRisk: Open-source vulnerability risk assessment platform

Nov 5, 2025 7:19 AM

Tags: cvss, open-source, risk, risk-assessment, vulnerability

VulnRisk is an open-source platform for vulnerability risk assessment. It goes beyond basic CVSS scoring by adding context-aware analysis that reduces noise and highlights … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/05/vulnrisk-open-source-vulnerability-risk-assessment-platform/
AI Agents Mark the End of Traditional GRC

Nov 4, 2025 2:19 PM

Tags: ai, compliance, data, governance, risk, risk-assessment

AI agents are transforming governance and compliance from slow, manual processes into real-time, autonomous systems. By eliminating data silos, automating risk assessments, and enabling multi-modal collaboration, enterprises can achieve governance at Mach speed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/ai-agents-mark-the-end-of-traditional-grc/
AI Agents Mark the End of Traditional GRC

Nov 4, 2025 2:19 PM

Tags: ai, compliance, data, governance, risk, risk-assessment

AI agents are transforming governance and compliance from slow, manual processes into real-time, autonomous systems. By eliminating data silos, automating risk assessments, and enabling multi-modal collaboration, enterprises can achieve governance at Mach speed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/ai-agents-mark-the-end-of-traditional-grc/
The Top 8 Cyber Risk Assessment Tools and Solutions

Oct 31, 2025 3:19 PM

Tags: ai, attack, business, cyber, finance, ransomware, resilience, risk, risk-assessment, tool
The Top 8 Cyber Risk Assessment Tools and Solutions

Oct 31, 2025 3:19 PM

Tags: ai, attack, business, cyber, finance, ransomware, resilience, risk, risk-assessment, tool
The Top 8 Cyber Risk Assessment Tools and Solutions

Oct 31, 2025 3:19 PM

Tags: ai, attack, business, cyber, finance, ransomware, resilience, risk, risk-assessment, tool
Securing the Mission: Why Container Deployment Scanning Is Essential for the DoD

Oct 28, 2025 8:26 PM

Tags: cloud, compliance, container, control, cyber, data, defense, fedramp, framework, government, intelligence, kubernetes, network, risk, risk-assessment, risk-management, service, software, tool, unauthorized, vulnerability, vulnerability-management

As DoD agencies accelerate cloud-native adoption under DOGE efficiency mandates, securing containerized workloads is essential to mission assurance. Learn why deployment-time scanning and admission controller enforcement are critical to reduce risk, meet compliance, and modernize security Key takeaways: Deployment-time scanning ensures containers are evaluated in the context of the environment they’ll be running in, not…
Step aside, SOC. It’s time to ROC

Oct 28, 2025 11:26 AM

Tags: attack, breach, business, communications, corporate, cyber, cybersecurity, data, defense, exploit, finance, framework, government, infrastructure, insurance, intelligence, military, monitoring, network, resilience, risk, risk-assessment, soc, strategy, threat, vpn, vulnerability, zero-day

What is a ROC?: At its core, the Resilience Risk Operations Center (ROC) is a proactive intelligence hub. Think of it as a fusion center in which cyber, business and financial risk come together to form one clear picture.While the idea of a ROC isn’t entirely new, versions of it have existed across government and…
Step aside, SOC. It’s time to ROC

Oct 28, 2025 11:26 AM

Tags: attack, breach, business, communications, corporate, cyber, cybersecurity, data, defense, exploit, finance, framework, government, infrastructure, insurance, intelligence, military, monitoring, network, resilience, risk, risk-assessment, soc, strategy, threat, vpn, vulnerability, zero-day

What is a ROC?: At its core, the Resilience Risk Operations Center (ROC) is a proactive intelligence hub. Think of it as a fusion center in which cyber, business and financial risk come together to form one clear picture.While the idea of a ROC isn’t entirely new, versions of it have existed across government and…